Electrum DDoS botnet infects over 150K hosts

Hackers have infected nearly 152,000 hosts with a Distributed Denial of Service (DDoS) botnet targeting Electrum developers and their servers.

According to Malwarebytes, the cyber attacks started in December 2018 and initially targeted Electrum Bitcoin wallets via phishing attacks. To date, hackers have stolen $4.6 million worth of Bitcoin from Electrum users, up from $4 million just a couple of weeks ago.

The DDoS attacks appear to be in retaliation for Electrum developers’ attempts to provide patches to fix a vulnerability in the Electrum Bitcoin wallet. The hackers were able to send out phishing emails to users in order to exploit the unpatched Electrum vulnerability on unsuspecting users’ systems.

As of April 25, the number of hosts infected with the botnet had reached 152,000, and it has fluctuated around 100,000 since then.

Malwarebytes researchers said they correlated the botnet attacks to two distribution campaigns – RIG exploit kit and Smoke Loader – used to drop malware dubbed ElectrumDoSMiner. Researchers also detected a loader, Trojan.BeamWinHTTP, used to download ElectrumDoSMiner.

The experts added that botnet infections were mostly concentrated in the Asia Pacific region, with additional bots in Brazil and Peru. Endpoints are continuously being cleaned up, but approximately 2,000 new endpoints are still being infected daily and joining the Electrum botnet.

Also see the previous blog post by Malwarebytes on the Electrum Bitcoin wallet attacks, reported earlier this month.